Vincent

Reputation: 15

How to properly store information in React + Node?

I'm very new to software development. I used Google login in React for the login mechanism, and store the unique Google ID as the user's id in MySQL. When a successful login occurs, this ID is stored in localStorage, so every time the user wants to get something from the database, I just pass this ID to MySQL. This is the illustration:

// ----- Frontend ----- //
.post(URL, {id:localStorage.getItem("id")} )

// ----- Backend ----- //
id = req.body.id // Getting the id passed from the frontend

// Get the items from database using this id
SELECT * FROM users WHERE user_id=id

But my problem is, what if the user opens their browser's console and changes the local storage value? This user can then access someone's information by just changing the local storage's value into something. If you know a reliable solution for this login system please let me know!

Upvotes: 0

Views: 580

Answers (1)

Adel Tahir

Reputation: 155

Any sensitive information, like a JWT token or Google login ID, should NOT be stored in localStorage; the better option is to use an HTTP-only cookie.

This post answers your question and explains why you should use an HTTP-only cookie over localStorage:

https://stackoverflow.com/a/37396572/15881471

Cookies, when used with the HttpOnly cookie flag, are not accessible through JavaScript, and are immune to XSS. You can also set the Secure cookie flag to guarantee the cookie is only sent over HTTPS.

Upvotes: 1
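Added example, not part of the original question or answer: a Node.js sketch (standard library only) of a backend that takes the user id from a signed HttpOnly cookie it issued itself instead of from `req.body.id`, so editing a value in the browser no longer selects another user's row. The cookie name `session`, the helpers `issueSessionCookie` and `userIdFromCookieHeader`, the in-memory key and the sample ids are assumptions made for illustration, as is the server having verified the Google login before issuing the cookie.

```javascript
const crypto = require("node:crypto");

// Assumption: a real deployment loads this key from a secret store so it survives restarts.
const SESSION_KEY = crypto.randomBytes(32);

const sign = (value) =>
  crypto.createHmac("sha256", SESSION_KEY).update(value).digest("base64url");

// Build the Set-Cookie header value after the server has verified the login.
function issueSessionCookie(userId, ttlSeconds = 3600) {
  const exp = Math.floor(Date.now() / 1000) + ttlSeconds;
  const payload = Buffer.from(JSON.stringify({ uid: userId, exp })).toString("base64url");
  // HttpOnly: page scripts cannot read it. Secure: sent over HTTPS only.
  return `session=${payload}.${sign(payload)}; HttpOnly; Secure; SameSite=Lax; Path=/; Max-Age=${ttlSeconds}`;
}

// Return the authenticated user id from the Cookie request header, or null.
// The id used in the SQL query comes from here, bound as a parameter
// (e.g. "WHERE user_id = ?"), never from the request body.
function userIdFromCookieHeader(cookieHeader) {
  const match = /(?:^|;\s*)session=([^;]+)/.exec(cookieHeader || "");
  if (!match) return null;
  const [payload, mac] = match[1].split(".");
  if (!payload || !mac) return null;
  const expected = Buffer.from(sign(payload));
  const given = Buffer.from(mac);
  // Constant-time comparison; the length check avoids timingSafeEqual throwing.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const { uid, exp } = JSON.parse(Buffer.from(payload, "base64url").toString());
  return exp > Math.floor(Date.now() / 1000) ? uid : null;
}

// Constructed demo: a genuine cookie, a copy whose payload was edited, and no cookie.
function demo() {
  const cookie = issueSessionCookie("google-id-1001").split(";")[0];
  const editedPayload = Buffer.from(
    JSON.stringify({ uid: "google-id-2002", exp: 9999999999 })
  ).toString("base64url");
  const edited = `session=${editedPayload}.${cookie.split(".")[1]}`; // old MAC, new payload
  return {
    genuine: userIdFromCookieHeader(cookie),
    tampered: userIdFromCookieHeader(edited),
    missing: userIdFromCookieHeader(""),
  };
}
```

The edited cookie is rejected because its MAC no longer matches the payload, which is the property a plain id in localStorage or in the request body lacks.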
